Re: [Full-disclosure] Remote buffer overflow in httpdx

2009-10-12 Thread Freddie Vicious
Can't reproduce it too (XPSP3 En + httpdx 1.4.0)...

On Fri, Oct 9, 2009 at 8:49 AM, dr_...@hushmail.com wrote:
> this didn't seem to work for me. Test system XPSP3 + httpdx 1.4.0. Definitely causes a crash but the retn/offsets must not be universal?

-- 
Best wishes, Freddie Vicious

Re: [Full-disclosure] When is it valid to claim that a vulnerability leads to a remote attack?

2009-10-12 Thread Valdis . Kletnieks
On Sat, 10 Oct 2009 22:32:49 CDT, Rohit Patnaik said:
> Well, why are you relying on Thierry's clock to date your message? Your e-mail client should use your local clock/mail server clock to timestamp messages.

Hint: your e-mail client *can't* timestamp this message, because it has no *clue*

Re: [Full-disclosure] Cellphone with USB host

2009-10-12 Thread imipak
valdis.kletni...@vt.edu wrote:
> So guys - what would be the ideal corporate-espionage device, and what's the best approximation currently on the market?

AFAIK, it's a field of one: http://www.immunitysec.com/products-silica.shtml

=i

[Full-disclosure] A CALL TO ARMS ON RESPONSIBLE DISCLOSURE

2009-10-12 Thread Jean Trolleur
Greetin's t'my homeys and colleagues uh Full Disclosho' man: De days uh responsible disclosho' man be now behind us. Fo' years many in de security community been playin' games wid software and hardware vendo's, by attemptin' t'responsibly repo't security vulnerabilities. Mo'e often dan not,

[Full-disclosure] [ MDVSA-2009:268 ] mono

2009-10-12 Thread security
Mandriva Linux Security Advisory MDVSA-2009:268 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2009:269 ] mono

2009-10-12 Thread security
Mandriva Linux Security Advisory MDVSA-2009:269 http://www.mandriva.com/security/

[Full-disclosure] [SECURITY] [DSA 1906-1] End-of-life announcement for clamav in stable and oldstable

2009-10-12 Thread Steffen Joeris
Debian Security Advisory DSA-1906-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris October 11, 2009

[Full-disclosure] [ MDVSA-2009:270 ] wireshark

2009-10-12 Thread security
Mandriva Linux Security Advisory MDVSA-2009:270 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2009:271 ] libnasl

2009-10-12 Thread security
Mandriva Linux Security Advisory MDVSA-2009:271 http://www.mandriva.com/security/

Re: [Full-disclosure] [-SPAM-] Re: When is it valid to claim that a vulnerability leads to a remote attack?

2009-10-12 Thread Thierry Zoller
Hi James,

Well, that would explain why client side exploits are so fruity these days. Probably nobody invests into protection against them, as the risk assessment team tells them it is a local issue only? Pun intended ;) A PDF/DOC exploit should be classified as remotely exploitable or

[Full-disclosure] [ MDVSA-2009:272 ] libmikmod

2009-10-12 Thread security
Mandriva Linux Security Advisory MDVSA-2009:272 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2009:273 ] strongswan

2009-10-12 Thread security
Mandriva Linux Security Advisory MDVSA-2009:273 http://www.mandriva.com/security/